364 matches found
com.alibaba.otter:manager.deployer (>=4.2.1 <=4.2.15), com.alibaba.otter:manager.web (>=4.2.1 <=4.2.15) +53 more potentially affected by CVE-2014-5326 via org.directwebremoting:dwr (>=2.0.rc2 <=2.0.11-RELEASE)
org.directwebremoting:dwr MAVEN version =2.0.rc2, =4.2.1, =4.2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.1.1 and more Source cves: CVE-2014-5326 Source advisory: OSV:GHSA-Q5V2-2V66-6HWM...
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
A cross-site request forgery vulnerability in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers to initiate a connection to an attacker-specified server...
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
GHSA-RQF2-4GGC-C74W Jenkins WebSphere Deployer Plugin stores credentials in plain text
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Jenkins WebSphere Deployer Plugin stores credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
GHSA-8J62-29JG-6HJ6 Jenkins WildFly Deployer Plugin stores credentials in plain text
Jenkins WildFly Deployer Plugin stores deployment credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
Jenkins WildFly Deployer Plugin stores credentials in plain text
Jenkins WildFly Deployer Plugin stores deployment credentials unencrypted in job config.xml files on the Jenkins controller. These credentials can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...
net.stickycode.deploy:sticky-deployer-tomcat8 (=2.1), org.sakaiproject:sakai-dav-server (>=11.0 <=11.3) potentially affected by CVE-2016-8735 via org.apache.tomcat:tomcat-catalina-jmx-remote (>=8.0.20 <=8.0.32)
org.apache.tomcat:tomcat-catalina-jmx-remote MAVEN version =8.0.20, =11.0, =11.3 Source cves: CVE-2016-8735 Source advisory: OSV:GHSA-CW54-59PW-4G8C...
Non-transferable critical privileged role
Handle gzeon Vulnerability details Impact DEPLOYER is a constant in Manager and it is the only role that can call setSherlockCoreAddress to change sherlockCore address. Consider this is a critical function and there might be a need to change the deployer address in the future e.g. governance...
DEPLOYER can drain underlying asset deposited by AaveV2Strategy and drain SHER token in SherDistributionManager
Handle wuwe1 Vulnerability details Proof of Concept For sdm, DEPLOYER can call pullReward and send an arbitrary amount of sher in sdm to the DEPLOYER. For AaveV2Strategy.sol, attacker can call withdrawAll and drain the underlying asset if there is any. Recommended Mitigation Steps Add Timelock on...
com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)
org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...
CloudBees Jenkins OpenShift Deployer Plugin Has Unspecified Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. OpenShift Deployer Plugin is used in one of the...
CloudBees Jenkins Deployer Framework Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the U.S. company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. A cross-site scripting...
Vulnerabilities fixed in Jenkins
Several vulnerabilities have been fixed in Jenkins. A malicious user could potentially exploit the vulnerabilities to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. Jenkins developers hav...
CVE-2020-2227
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...
Cross site scripting
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...
CVE-2020-2227
The CVE-2020-2227 entry concerns the Jenkins Deployer Framework Plugin (versions 1.2 and earlier). The vulnerability is a stored XSS caused by the plugin not escaping the URL displayed on the build home page. Impact is that an attacker could execute script in the context of an affected user’s bro...
PT-2020-15443 · Jenkins · Jenkins Deployer Framework Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployer Framework Plugin versions 1.2 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the URL displayed in the build home page is not properly escaped. This vulnerabilit...